General
-
Target
616d5aff4f3c6aa33090263e10fcdc548650caf261fda6ee7ecd33aec361565b
-
Size
565KB
-
Sample
220730-z2gacahdbl
-
MD5
005012a9a407098e7a5ca6889efed2dd
-
SHA1
d7b3f086bd06b730d1df5f8deeb2f656af8ffb48
-
SHA256
616d5aff4f3c6aa33090263e10fcdc548650caf261fda6ee7ecd33aec361565b
-
SHA512
4ae1c1b17d4022d04fda1501791e5545d365d7477a0e9e59aab4108b65db26249679f4dd4ee9c519a23fb26dc08f6259add7e7974a3625b87002ae257101b3f7
Malware Config
Extracted
trickbot
1000233
sat21
138.34.32.218:443
178.78.202.189:443
85.9.212.117:443
93.109.242.134:443
198.53.63.120:443
158.58.131.54:443
87.117.146.63:443
118.200.151.113:443
89.117.107.13:443
109.86.227.152:443
200.2.126.98:443
31.29.62.112:443
83.167.164.81:443
182.253.210.130:449
77.89.86.93:443
70.79.178.120:449
68.109.83.22:443
24.231.0.139:443
84.237.228.13:443
138.34.32.19:443
-
autorunControl:GetSystemInfoName:systeminfoName:injectDll
Targets
-
-
Target
616d5aff4f3c6aa33090263e10fcdc548650caf261fda6ee7ecd33aec361565b
-
Size
565KB
-
MD5
005012a9a407098e7a5ca6889efed2dd
-
SHA1
d7b3f086bd06b730d1df5f8deeb2f656af8ffb48
-
SHA256
616d5aff4f3c6aa33090263e10fcdc548650caf261fda6ee7ecd33aec361565b
-
SHA512
4ae1c1b17d4022d04fda1501791e5545d365d7477a0e9e59aab4108b65db26249679f4dd4ee9c519a23fb26dc08f6259add7e7974a3625b87002ae257101b3f7
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-